From 2ee2ba12461dbebce79b7920b5c0ed5733f6b605 Mon Sep 17 00:00:00 2001
From: RoryPTB <47696929+RoryPTB@users.noreply.github.com>
Date: Thu, 22 Aug 2024 18:22:11 +0200
Subject: [PATCH] feat: auto generate users of form WIS2BOX_BROKER_USERNAME_* with permissions under topic of form WIS2BOX_BROKER_TOPIC_*
---
 wis2box-broker/acl.conf | 6 +-----
 wis2box-broker/entrypoint.sh | 12 +++++++++++-
 wis2box-create-config.py | 7 -------
 3 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/wis2box-broker/acl.conf b/wis2box-broker/acl.conf
index 11ff1d6d0..64f9e36b1 100644
--- a/wis2box-broker/acl.conf
+++ b/wis2box-broker/acl.conf
@@ -5,8 +5,4 @@ user _WIS2BOX_BROKER_USERNAME
 topic readwrite origin/#
 topic readwrite wis2box/#
 topic readwrite data-incoming/#
-topic read $SYS/#
-
-user _WIS2BOX_CAP_USERNAME
-topic readwrite wis2box/cap/#
-topic read origin/#
\ No newline at end of file
+topic read $SYS/#
\ No newline at end of file
diff --git a/wis2box-broker/entrypoint.sh b/wis2box-broker/entrypoint.sh
index bdfa705df..9a71986a9 100644
--- a/wis2box-broker/entrypoint.sh
+++ b/wis2box-broker/entrypoint.sh
@@ -16,7 +16,6 @@ echo "Setting mosquitto authentication"
 if [ ! -e "/mosquitto/config/password.txt" ]; then
 echo "Adding wis2box users to mosquitto password file"
 mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
- mosquitto_passwd -b /mosquitto/config/password.txt $WIS2BOX_CAP_USERNAME $WIS2BOX_CAP_PASSWORD
 mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
 else
 echo "Mosquitto password file already exists. Skipping wis2box user addition."
@@ -25,4 +24,15 @@ fi sed -i "s#_WIS2BOX_BROKER_QUEUE_MAX#$WIS2BOX_BROKER_QUEUE_MAX#" /mosquitto/config/mosquitto.conf sed -i "s#_WIS2BOX_BROKER_USERNAME#$WIS2BOX_BROKER_USERNAME#" /mosquitto/config/acl.conf +for i in `env | grep -Ee "\> /mosquitto/config/acl.conf + echo "topic readwrite ${!topic}" >> /mosquitto/config/acl.conf +done + /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
diff --git a/wis2box-create-config.py b/wis2box-create-config.py
index 8330c2c11..11a5ff6d0 100644
--- a/wis2box-create-config.py
+++ b/wis2box-create-config.py
@@ -344,11 +344,6 @@ def create_wis2box_env(config_dir: str) -> None:
 # update WIS2BOX_BROKER_PUBLIC settings after updating broker defaults
 fh.write('# update WIS2BOX_BROKER_PUBLIC settings after updating broker defaults\n') # noqa
 fh.write('WIS2BOX_BROKER_PUBLIC=mqtt://${WIS2BOX_BROKER_USERNAME}:${WIS2BOX_BROKER_PASSWORD}@mosquitto:1883\n') # noqa
- # use the default username wis2box for WIS2BOX_CAP
- fh.write('WIS2BOX_CAP_USERNAME=wis2box\n')
- # get password for WIS2BOX_CAP_PASSWORD and write it to wis2box.env
- fh.write(get_password('WIS2BOX_CAP_PASSWORD'))
- fh.write('\n')
 # update minio settings after updating storage and broker defaults
 fh.write('\n')
 fh.write('# minio settings\n') # noqa
@@ -359,8 +354,6 @@ def create_wis2box_env(config_dir: str) -> None:
 fh.write('MINIO_NOTIFY_MQTT_ENABLE_WIS2BOX=on\n')
 fh.write('MINIO_NOTIFY_MQTT_USERNAME_WIS2BOX=${WIS2BOX_BROKER_USERNAME}\n') # noqa
 fh.write('MINIO_NOTIFY_MQTT_PASSWORD_WIS2BOX=${WIS2BOX_BROKER_PASSWORD}\n') # noqa
- fh.write('MINIO_NOTIFY_MQTT_USERNAME_CAP=${WIS2BOX_CAP_USERNAME}\n') # noqa
- fh.write('MINIO_NOTIFY_MQTT_PASSWORD_CAP=${WIS2BOX_CAP_PASSWORD}\n') # noqa
 fh.write('MINIO_NOTIFY_MQTT_BROKER_WIS2BOX=tcp://${WIS2BOX_BROKER_HOST}:${WIS2BOX_BROKER_PORT}\n') # noqa
 fh.write('MINIO_NOTIFY_MQTT_TOPIC_WIS2BOX=wis2box/storage\n')
 fh.write('MINIO_NOTIFY_MQTT_QOS_WIS2BOX=1\n')
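Review bot: In the second hunk of wis2box-broker/entrypoint.sh (`@@ -25,4 +24,15 @@`), the added loop appends `topic readwrite ${!topic}` to /mosquitto/config/acl.conf without checking the value, so an empty WIS2BOX_BROKER_TOPIC_* yields a malformed `topic readwrite` line and a value of `#` gives that user readwrite on every topic. A guard before the echo, such as `[ -n "${!topic}" ] || { echo "$topic is not set" >&2; exit 1; }`, would make a missing topic fail loudly instead of producing an ACL the operator did not intend. The append also sits outside the `if [ ! -e "/mosquitto/config/password.txt" ]` guard shown in the first hunk, so if acl.conf persists across restarts the same user/topic entries would be appended on every start; that is worth confirming. `${!topic}` is bash indirect expansion and the script's interpreter line is not visible here, so it should be checked that the entrypoint does not run under plain sh. Part of the loop body is not legible on this page, so how the matching passwords reach password.txt could not be reviewed.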